Bug#786475: marked as done (ntfs-3g: CVE-2015-3202)

Wed, 27 May 2015 00:49:45 -0700 

Your message dated Wed, 27 May 2015 07:47:05 +0000
with message-id <e1yxw3n-00030u...@franck.debian.org>
and subject line Bug#786475: fixed in ntfs-3g 1:2014.2.15AR.2-1+deb8u2
has caused the Debian Bug report #786475,
regarding ntfs-3g: CVE-2015-3202
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
786475: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786475
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: ntfs-3g
Version: 1:2013.1.13AR.3-2
Severity: grave
Tags: security patch upstream
Justification: user security hole

Hi Laszlo

ntfs-3g in jessie and above is similarly affected by CVE-2015-3202
since ntfs-3g since 1:2013.1.13AR.3-2 builds with internal fuse copy.

The patch I have used to prepare the updates for jessie is attached.

ntfs-3g though should try to use the system fuse and not the embedded
copy, could you check to switch this back?

Regards,
Salvatore

Description: Fix CVE-2015-3202
 Missing scrubbing of the environment before executing a mount or umount
 of a filesystem.
Origin: backport
Author: Miklos Szeredi <mik...@szeredi.hu>
Last-Update: 2015-05-19

---
 lib/mount_util.c |   23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)

--- a/libfuse-lite/mount_util.c
+++ b/libfuse-lite/mount_util.c
@@ -66,6 +66,7 @@ int fuse_mnt_add_mount(const char *progn
         return -1;
     }
     if (res == 0) {
+        char *env = NULL;
         char templ[] = "/tmp/fusermountXXXXXX";
         char *tmp;
 
@@ -87,8 +88,8 @@ int fuse_mnt_add_mount(const char *progn
             exit(1);
         }
         rmdir(tmp);
-        execl("/sbin/mount", "/sbin/mount", "-F", type, "-o", opts,
-              fsname, mnt, NULL);
+        execle("/sbin/mount", "/sbin/mount", "-F", type, "-o", opts,
+              fsname, mnt, NULL, &env);
         fprintf(stderr, "%s: failed to execute /sbin/mount: %s\n", progname,
                 strerror(errno));
         exit(1);
@@ -120,9 +121,16 @@ int fuse_mnt_umount(const char *progname
         return -1;
     }
     if (res == 0) {
+        char *env = NULL;
+
         setuid(geteuid());
-        execl("/sbin/umount", "/sbin/umount", !lazy ? "-f" : NULL, mnt,
-              NULL);
+        if (!lazy) {
+                execle("/sbin/umount", "/sbin/umount", "-f", mnt,
+                       NULL, &env);
+        } else {
+                execle("/sbin/umount", "/sbin/umount", mnt,
+                       NULL, &env);
+        }
         fprintf(stderr, "%s: failed to execute /sbin/umount: %s\n", progname,
                 strerror(errno));
         exit(1);
@@ -302,6 +310,7 @@ int fuse_mnt_add_mount(const char *progn
         return 0;
     }
     if (res == 0) {
+        char *env = NULL;
         char templ[] = "/tmp/fusermountXXXXXX";
         char *tmp;
 
@@ -325,8 +334,8 @@ int fuse_mnt_add_mount(const char *progn
             exit(1);
         }
         rmdir(tmp);
-        execl("/bin/mount", "/bin/mount", "-i", "-f", "-t", type, "-o", opts,
-              fsname, mnt, NULL);
+        execle("/bin/mount", "/bin/mount", "-i", "-f", "-t", type, "-o", opts,
+              fsname, mnt, NULL, &env);
         fprintf(stderr, "%s: failed to execute /bin/mount: %s\n", progname,
                 strerror(errno));
         exit(1);

--- End Message ---
--- Begin Message --- 
Source: ntfs-3g
Source-Version: 1:2014.2.15AR.2-1+deb8u2

We believe that the bug you reported is fixed in the latest version of
ntfs-3g, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 786...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated ntfs-3g package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 26 May 2015 19:36:39 +0200
Source: ntfs-3g
Binary: ntfs-3g ntfs-3g-dbg ntfs-3g-dev ntfs-3g-udeb
Architecture: source
Version: 1:2014.2.15AR.2-1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
 ntfs-3g    - read/write NTFS driver for FUSE
 ntfs-3g-dbg - read/write NTFS driver for FUSE (debug)
 ntfs-3g-dev - read/write NTFS driver for FUSE (development)
 ntfs-3g-udeb - read/write NTFS driver for FUSE (udeb)
Closes: 786475
Changes:
 ntfs-3g (1:2014.2.15AR.2-1+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Update 0002-CVE-2015-3202.patch patch.
     CVE-2015-3202: Missing scrubbing of the environment before executing a
     mount or umount of a filesystem.
     The previous fix for CVE-2015-3202 was incomplete and missed the
     replacement of one execl call with execle. (Closes: #786475)
Checksums-Sha1:
 89e05dd2bcb494810899b4e7fb9df696ceb17932 2162 
ntfs-3g_2014.2.15AR.2-1+deb8u2.dsc
 e7c1de2631b8c111a6284d674bd7122e031e67b3 22108 
ntfs-3g_2014.2.15AR.2-1+deb8u2.debian.tar.xz
Checksums-Sha256:
 273d5e157ad5dd6d9ae0626756aad1ff422b724390510106fe8ca9c40caa7d56 2162 
ntfs-3g_2014.2.15AR.2-1+deb8u2.dsc
 029e9b81c4b1ef07f1509b6caf6b2758e9905989f59501c784b7625437dbb7e5 22108 
ntfs-3g_2014.2.15AR.2-1+deb8u2.debian.tar.xz
Files:
 f99879552909df5533547293a02b0b15 2162 otherosfs optional 
ntfs-3g_2014.2.15AR.2-1+deb8u2.dsc
 c2d64326825320044a9cf500c14209a3 22108 otherosfs optional 
ntfs-3g_2014.2.15AR.2-1+deb8u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVZLXxAAoJEAVMuPMTQ89EuYgP/10WjuwtubjiOqI1Nd2Lus42
5VjjCkbNRoJGhIMEGVaL6d07QzIX9gG+W6l0v9VIkib+nXRWW34Y1cl9IBSTku9u
jusRDhlGVGF01BuB1pFWAGFY8PR+AgXMTkVWxVQj8WlE/L9aBbPlC3Dc8oxc1ngx
Ok8VXQzlRvsnuK9DGRl+pzHlgDbgu5afzkoLaH6Txzyg1ZG4CLvFda7CWnpt9NH2
tg73dlwkmXsM2K45W+/DXqOv+MEY7KpyaJbWXOukpcUdB1qsAqQLHSf5NQu1U+cF
fFgmB1CsdGxQ1a0aBgsl9s/AE384o31GMq40Su3jFXy+CCX8zCGQRBrvDfElNIXf
Ltow7zn0pr+LfaWn8oZjSzrocNuUtlCOIfL8eBfim0Ik2zsrbt0DQ+c1idARGpS5
tC8bc2+y6ZvXdq9g22kJO3C4DN5YS4ZXjOWdAgub4gI699N6VqRi6oPQXtyt5lBP
+zOOw3VRNNAmKAQw6KSPmLBzmUcOCgQOYnw0APTZ6VPI3k0mPo+0cd2AvhJyRL6g
TYQQh9UDlP+7+UeWHe0plU9oi0KFH6yuFDRQEo/x87h4MxU+ys4ioGkXIzVK86CK
uePSwIkly14Rzs9O8TAoXExlF/1uV753m6fqBlZP3UOHsG/cVs01tqw4vjh9KPon
cMbQ4udEJra2emSdBA7+
=xFQx
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to